Skip to content

Commit

Permalink
[api] Adding support to wipe via token
Browse files Browse the repository at this point in the history
Introduce a Wipe token, esp to allow to rebuild patchinfo's which
require a wipe in non-incident projects.
  • Loading branch information
adrianschroeter committed Nov 8, 2024
1 parent 3483817 commit 72753c1
Show file tree
Hide file tree
Showing 12 changed files with 84 additions and 4 deletions.
1 change: 1 addition & 0 deletions docs/api/api/tokenlist.rng
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,7 @@
- rebuild: trigger rebuilds of packages
- release: trigger project releases
- runservice: run a service via the POST /trigger/runservice route
- wipe: trigger wipe of binary artifacts
- workflow: trigger SCM/CI workflows, see https://openbuildservice.org/help/manuals/obs-user-guide/cha-obs-scm-ci-workflow-integration
</a:documentation>
<ref name="token-kind"/>
Expand Down
2 changes: 1 addition & 1 deletion src/api/app/controllers/person/token_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ def validate_operation
# - webUI: https://github.com/openSUSE/open-build-service/blob/master/src/api/app/models/token.rb#L27
# - API: https://github.com/openSUSE/open-build-service/blob/master/src/api/public/apidocs/paths/person_login_token.yaml#L89
return if operation_param.nil? ||
%w[runservice rebuild release workflow].include?(operation_param) # possible API parameter values
%w[runservice rebuild release wipe workflow].include?(operation_param) # possible API parameter values

render_error status: 400,
errorcode: 'invalid_token_type',
Expand Down
2 changes: 1 addition & 1 deletion src/api/app/controllers/trigger/errors.rb
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,6 @@ class BadSCMPayload < APIError
end

class MissingPackage < APIError
setup 'bad_request', 400, 'A package must be provided for the operations rebuild, release and runservice'
setup 'bad_request', 400, 'A package must be provided for the operations rebuild, release, wipe and runservice'
end
end
7 changes: 6 additions & 1 deletion src/api/app/controllers/trigger_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -52,13 +52,18 @@ def runservice
create
end

# validate_token_type callback uses the action_name
def wipe
create

Check warning on line 57 in src/api/app/controllers/trigger_controller.rb

View check run for this annotation

Codecov / codecov/patch

src/api/app/controllers/trigger_controller.rb#L57

Added line #L57 was not covered by tests
end

private

def validate_parameters_by_token
case @token.type
when 'Token::Workflow'
raise InvalidToken, 'Invalid token found'
when 'Token::Rebuild', 'Token::Release'
when 'Token::Rebuild', 'Token::Release', 'Token::Wipe'
return if params[:project].present?
when 'Token::Service'
return if params[:project].present? && params[:package].present?
Expand Down
5 changes: 5 additions & 0 deletions src/api/app/lib/backend/api/sources/package.rb
Original file line number Diff line number Diff line change
Expand Up @@ -140,6 +140,11 @@ def self.file(project_name, package_name, file_name)
http_get(['/source/:project/:package/:filename', project_name, package_name, file_name])
end

def self.wipe_binaries(project_name, package_name, options = {})
http_post(['/build/:project', project_name], defaults: { cmd: :wipe, package: package_name },

Check warning on line 144 in src/api/app/lib/backend/api/sources/package.rb

View check run for this annotation

Codecov / codecov/patch

src/api/app/lib/backend/api/sources/package.rb#L144

Added line #L144 was not covered by tests
params: options.compact, accepted: %i[repository arch])
end

# Writes the content of the source file
# @return [String]
def self.write_file(project_name, package_name, file_name, content = '', params = {})
Expand Down
2 changes: 2 additions & 0 deletions src/api/app/models/token.rb
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,8 @@ def self.token_type(action)
Token::Rebuild
when 'release'
Token::Release
when 'wipe'
Token::Wipe

Check warning on line 44 in src/api/app/models/token.rb

View check run for this annotation

Codecov / codecov/patch

src/api/app/models/token.rb#L44

Added line #L44 was not covered by tests
when 'workflow'
Token::Workflow
else
Expand Down
47 changes: 47 additions & 0 deletions src/api/app/models/token/wipe.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
class Token::Wipe < Token
def call(options)
set_triggered_at
package_name = options[:package].to_param
package_name += ":#{options[:multibuild_flavor]}" if options[:multibuild_flavor]
if package_name.present?
Backend::Api::Sources::Package.wipe_binaries(options[:project].to_param,

Check warning on line 7 in src/api/app/models/token/wipe.rb

View check run for this annotation

Codecov / codecov/patch

src/api/app/models/token/wipe.rb#L3-L7

Added lines #L3 - L7 were not covered by tests
package_name,
options.slice(:repository, :arch).compact)
else
Backend::Api::Build::Project.wipe_binaries(options[:project].to_param,

Check warning on line 11 in src/api/app/models/token/wipe.rb

View check run for this annotation

Codecov / codecov/patch

src/api/app/models/token/wipe.rb#L11

Added line #L11 was not covered by tests
options.slice(:repository, :arch).compact)
end
end

def package_find_options
{ use_source: false, follow_multibuild: true }

Check warning on line 17 in src/api/app/models/token/wipe.rb

View check run for this annotation

Codecov / codecov/patch

src/api/app/models/token/wipe.rb#L17

Added line #L17 was not covered by tests
end
end

# == Schema Information
#
# Table name: tokens
#
# id :integer not null, primary key
# description :string(64) default("")
# scm_token :string(255) indexed
# string :string(255) indexed
# triggered_at :datetime
# type :string(255)
# workflow_configuration_path :string(255) default(".obs/workflows.yml")
# workflow_configuration_url :string(8192)
# executor_id :integer not null, indexed
# package_id :integer indexed
#
# Indexes
#
# index_tokens_on_scm_token (scm_token)
# index_tokens_on_string (string) UNIQUE
# package_id (package_id)
# user_id (executor_id)
#
# Foreign Keys
#
# tokens_ibfk_1 (executor_id => users.id)
# tokens_ibfk_2 (package_id => packages.id)
#
8 changes: 8 additions & 0 deletions src/api/app/policies/token/wipe_policy.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
class Token::WipePolicy < TokenPolicy
def trigger?
return false unless user.is_active?
return PackagePolicy.new(user, record.object_to_authorize).update? if record.object_to_authorize.is_a?(Package)

Check warning on line 4 in src/api/app/policies/token/wipe_policy.rb

View check run for this annotation

Codecov / codecov/patch

src/api/app/policies/token/wipe_policy.rb#L3-L4

Added lines #L3 - L4 were not covered by tests

ProjectPolicy.new(user, record.object_to_authorize).update? if record.object_to_authorize.is_a?(Project)

Check warning on line 6 in src/api/app/policies/token/wipe_policy.rb

View check run for this annotation

Codecov / codecov/patch

src/api/app/policies/token/wipe_policy.rb#L6

Added line #L6 was not covered by tests
end
end
1 change: 1 addition & 0 deletions src/api/config/routes/api.rb
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@
post 'trigger/rebuild' => 'trigger#rebuild'
post 'trigger/release' => 'trigger#release'
post 'trigger/runservice' => 'trigger#runservice'
post 'trigger/wipe' => 'trigger#wipe'
post 'trigger/workflow' => 'trigger_workflow#create'

### /issue_trackers
Expand Down
2 changes: 2 additions & 0 deletions src/api/public/apidocs/OBS-v2.10.50.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -517,6 +517,8 @@ paths:
$ref: 'paths/trigger_release.yaml'
/trigger/runservice:
$ref: 'paths/trigger_runservice.yaml'
/trigger/wipe:
$ref: 'paths/trigger_wipe.yaml'
/trigger/workflow:
$ref: 'paths/trigger_workflow.yaml'
/trigger/webhook:
Expand Down
2 changes: 1 addition & 1 deletion src/api/public/apidocs/paths/person_login_token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ post:
name: operation
schema:
type: string
enum: [runservice, rebuild, release]
enum: [runservice, rebuild, release, wipe]
description: |
Operation indicates the kind of token that is going to be created.
Expand Down
9 changes: 9 additions & 0 deletions src/api/public/apidocs/paths/trigger_wipe.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
post:
summary: Trigger a wipe of binary artifacts
description: |
This endpoint behaves exactly as the [/trigger](#/Trigger/post_trigger) endpoint but
only allows API tokens with the operation 'wipe' to be triggered.
security:
- GitLab_key_authentication: []
tags:
- Trigger

0 comments on commit 72753c1

Please sign in to comment.